Privacy

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how your personal data is handled when you use our website. Personal data are all data that can be used to personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is VON SCHÜTZ c/o HOOSA GmbH, Immengarten 4, 30926 Seelze, Germany, Tel.: +49 5137 14 923 72, E-mail: info@vonschutz.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which are technically necessary for us to display the website:

The website you visited on our domain
Date and time of access
Amount of data sent in bytes
Source/referrer from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. This data is not transferred or otherwise used. However, we reserve the right to retrospectively check the server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser’s address bar.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies — small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage duration in your web browser’s cookie settings overview.

Insofar as personal data are also processed by individual cookies used by us, processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the performance of a contract, in accordance with Art. 6 (1) lit. a GDPR in the event consent has been granted, or in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the website visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them, or exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be restricted.

4) Contacting Us

4.1 Zoho SalesIQ
This website uses the live chat system provided by the following provider:
Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany

The processing of personal data transmitted via chat is carried out either in accordance with Art. 6 (1) lit. b GDPR, if it is necessary for initiating or fulfilling a contract, or in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in effectively assisting our website visitors.
The data you provide will be deleted, subject to statutory retention periods, once the relevant matter has been conclusively resolved.

Additionally, further information may be collected and evaluated by means of cookies to create pseudonymized user profiles, but these do not serve to personally identify you and are not combined with other data sets. Insofar as this information is personally identifiable, processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.

The setting of cookies can be prevented via corresponding browser settings. In that case, the functionality of our website may be restricted.
You can object to the collection and storage of data at any time with effect for the future.

Data are also transferred to: Zoho Corp., USA

We have concluded a data processing agreement (“Auftragsverarbeitungsvertrag”) with this provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider is certified under the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

4.2 Trustpilot
For sending review reminders, we use the services of the following provider:
Trustpilot A/S, Pilestræde 58, 1112 Copenhagen, Denmark

We only transmit your e-mail address and, if applicable, other customer data to the provider based on your explicit consent in accordance with Art. 6 (1) lit. a GDPR so that they can contact you with a review reminder via e-mail.

You may withdraw your consent at any time with effect for the future, either by contacting us or the provider.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

4.3 WhatsApp Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service, operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the so-called “Business Version” of WhatsApp for this purpose.

If you contact us via WhatsApp regarding a specific transaction (for example, an order you have placed), we will store and use the mobile phone number you use with WhatsApp and—if provided—your first and last name in accordance with Art. 6 (1) lit. b GDPR to process and respond to your request. On the same legal basis, we may request additional data (order number, customer number, address, or e-mail address) via WhatsApp where necessary to assign your request to a specific transaction.

If you use our WhatsApp contact for general inquiries (e.g., about our services, availabilities, or website), we will store and use the mobile phone number you use with WhatsApp and—if provided—your first and last name in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in efficiently and promptly providing the requested information.

Your data will only ever be used to respond to your inquiry via WhatsApp. No data will be passed on to third parties.

Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers the phone numbers stored therein to a server of the parent company, Meta Platforms Inc., in the USA. For operating our WhatsApp Business account, we use a mobile device whose address book stores only the WhatsApp contact data of users who have also contacted us via WhatsApp.

In doing so, we ensure that each person whose WhatsApp contact details are stored in our address book, upon first using the app on their device, has consented—by accepting WhatsApp’s Terms of Use—in accordance with Art. 6 (1) lit. a GDPR to the transmission of their WhatsApp phone number from the address books of their chat contacts. The transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For information on the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your related rights and privacy settings, please see WhatsApp’s privacy policy:
https://www.whatsapp.com/legal/?eea=1#privacy-policy

As part of the above-mentioned processes, it may happen that data is transmitted to servers of Meta Platforms Inc. in the USA.

4.4 When you contact us (e.g., via contact form or e-mail), personal data will be processed solely for the purpose of handling and responding to your inquiry, and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted once it is evident that the matter concerned has been conclusively resolved, provided that there are no legal retention obligations that conflict with this.

5) Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) lit. b GDPR, personal data are collected and processed to the extent necessary when you provide it to us for the purpose of opening a customer account. The required data for opening an account can be found in the input form on our website.

You can request the deletion of your customer account at any time by sending a message to the abovementioned address of the controller. After the deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully performed, there are no legal retention obligations, and there is no legitimate interest on our part in continuing to store the data.

6) Use of Customer Data for Direct Advertising

6.1 Subscribing to Our E-Mail Newsletter
If you sign up for our e-mail newsletter, we will send you information on our offers on a regular basis. The only mandatory information for sending the newsletter is your e-mail address. The provision of additional data is voluntary and used solely to address you personally. For sending the newsletter, we use a so-called double opt-in procedure, ensuring that we only send newsletters once you have explicitly confirmed your consent to receive the newsletter by clicking a verification link sent to the specified e-mail address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) lit. a GDPR. In this context, we store the IP address entered by your Internet service provider (ISP), as well as the date and time of registration, to be able to trace any potential misuse of your e-mail address at a later time. The data collected by us when you register for the newsletter will be used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in each newsletter or by sending a corresponding message to the controller mentioned at the beginning. After you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have explicitly consented to the further use of your data, or we reserve the right to use data beyond this which is permitted by law and about which we inform you in this statement.

6.2 Zoho
Our e-mail newsletters are sent via the following provider:
Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany

Data are also transferred to: Zoho Corp., USA

Based on our legitimate interest in effective and user-friendly newsletter marketing (Art. 6 (1) lit. f GDPR), we pass on the data you provided when registering for the newsletter to this provider, so that they can send the newsletter on our behalf.

Subject to your explicit consent in accordance with Art. 6 (1) lit. a GDPR, the provider will also carry out a statistical performance analysis of newsletter campaigns using web beacons or tracking pixels in sent e-mails, which can measure open rates and specific user interactions with newsletter content. Device information (e.g., time of retrieval, IP address, browser type, and operating system) may also be collected and evaluated, but not merged with other data sets.

You can withdraw your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with this provider, which protects the data of our website visitors and prohibits disclosure to third parties.

6.3 Postal Advertising
Based on our legitimate interest in personalized direct advertising, we reserve the right to store your first and last name, your postal address, and—if we have received this additional information in the context of our contractual relationship—your title, academic degree, birth year, and professional, industry, or business name, in accordance with Art. 6 (1) lit. f GDPR, and to use it for sending you interesting offers and information about our products by post.

You can object to the storage and use of your data for this purpose at any time by notifying us.

7) Data Processing for Order Handling

7.1 Transmission of Image Files for Order Processing by E-Mail
On our website, we offer customers the opportunity to personalize products by sending image files via e-mail. The submitted image motif is then used as a template for personalizing the selected product.

Customers can send one or more image files from their device’s storage to us via the e-mail address provided on the website. We then collect, store, and use these files exclusively for creating the personalized product in accordance with the service description on our website. If the transmitted image files are forwarded to specialized service providers for the production and handling of the order, you will be explicitly informed of this in the following sections. No further transfer occurs. If the transmitted files or digital motifs contain personal data (in particular images of identifiable individuals), all the above-mentioned processing operations are carried out solely for the purpose of processing your online order in accordance with Art. 6 (1) lit. b GDPR.

After the final handling of the order, the transmitted image files are automatically and completely deleted.

7.2 Transmission of Image Files for Order Processing by Messaging Function
If customers have the option of ordering personalized products by sending image files via a messaging function, the submitted image motif will be used as a template for personalizing the selected product.
Via the Instagram messaging function, the customer can send one or more image files from the device’s storage directly to us. We then collect, store, and use these files exclusively for creating the personalized product according to the respective service descriptions. If the transmitted image files are forwarded to specialized service providers for the production and handling of the order, you will be explicitly informed of this in the following sections. No further transfer occurs. If the transmitted files or digital motifs contain personal data (especially images of identifiable individuals), all aforementioned processing operations are carried out solely for the purpose of completing your online order in accordance with Art. 6 (1) lit. b GDPR. After the order has been conclusively processed, the transmitted image files are automatically and completely deleted.

7.3 Transmission of Image Files for Order Processing by Upload Function
On our website, we offer customers the opportunity to personalize products by uploading image files via an upload function. The submitted image motif is used as a template for the selected product.

Via the upload form on the website, the customer can transfer one or more image files from their device’s storage to us through an automated, encrypted data transmission. We then collect, store, and use the transmitted files exclusively for creating the personalized product in accordance with the respective service description on our website. If the submitted image files need to be forwarded to specialized service providers for the production and handling of the order, you will be explicitly informed of this in the following sections. No further transfer occurs. If the transmitted files or digital motifs contain personal data (especially images of identifiable individuals), all aforementioned processing operations are carried out solely for the purpose of completing your online order in accordance with Art. 6 (1) lit. b GDPR.

After the final processing of the order, the transmitted image files are automatically and completely deleted.

7.4 To the extent necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned financial institution in accordance with Art. 6 (1) lit. b GDPR.

If, under a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data (name, address, e-mail address) provided by you at the time of the order to inform you personally of upcoming updates within the legally stipulated period, using suitable communication methods (e.g., postal service or e-mail) as part of our legal information obligations in accordance with Art. 6 (1) lit. c GDPR. Your contact data are used strictly for these notifications about the updates we owe and only to the extent necessary for this information.

Furthermore, for handling your order, we collaborate with the following service provider(s), who fully or partially support us in fulfilling the concluded contracts. Certain personal data will be shared with these service providers as described below.

7.5 Disclosure of Personal Data to Shipping Service Providers

Cargoboard GmbH & Co. KG, Technologiepark 22, 33100 Paderborn, Germany
We will pass on your e-mail address and/or telephone number to the provider before delivering the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or delivery notification, provided that you have given your explicit consent in the order process. Otherwise, we will only provide the name of the recipient and the delivery address to the provider in accordance with Art. 6 (1) lit. b GDPR for the purpose of delivery. Data is only transferred if required for the delivery of the goods. In this case, coordination of the delivery date with the provider or delivery notification in advance is not possible.
You can revoke your consent at any time with effect for the future by informing either us or the provider.
Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany
We will pass on your e-mail address and/or telephone number to the provider before delivering the goods in accordance with Art. 6 (1) lit. a GDPR for the purpose of coordinating a delivery date or delivery notification, provided that you have given your explicit consent in the order process. Otherwise, we will only provide the name of the recipient and the delivery address to the provider in accordance with Art. 6 (1) lit. b GDPR for the purpose of delivery. Data is only transferred if required for the delivery of the goods. In this case, coordination of the delivery date with the provider or delivery notification in advance is not possible.
You can revoke your consent at any time with effect for the future by informing either us or the provider.
DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany
The same procedure for transmission of data and consent applies as stated above.
General Logistics Systems Germany GmbH & Co. OHG (GLS), GLS Germany-Straße 1–7, 36286 Neuenstein, Germany
The same procedure for transmission of data and consent applies as stated above.
Kühne + Nagel AG & Co. KG, Wilhelm-Kaisen-Brücke 1, 28195 Bremen, Germany
The same procedure for transmission of data and consent applies as stated above.
Schenker Deutschland AG, Lyoner Straße 15, 60528 Frankfurt am Main, Germany
The same procedure for transmission of data and consent applies as stated above.
TNT Express GmbH, Haberstraße 2, 53842 Troisdorf, Germany
The same procedure for transmission of data and consent applies as stated above.

7.6 Use of Payment Service Providers

Apple Pay
If you choose the “Apple Pay” payment method offered by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the “Apple Pay” function of your device running iOS, watchOS, or macOS by charging a payment card stored in “Apple Pay.” Apple Pay uses security features built into your device’s hardware and software to protect your transactions. To approve a payment, you must enter a code you have previously set and verify your identity using the “Face ID” or “Touch ID” function on your device.
For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. Apple encrypts this data again with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After payment has been made, Apple sends a device account number and a transaction-specific dynamic security code back to the website to confirm payment success.
Insofar as personal data are processed in this context, it is done exclusively for payment processing purposes in accordance with Art. 6 (1) lit. b GDPR.
Apple keeps anonymized transaction data, including approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. By anonymizing the data, the information cannot be traced back to you. Apple uses anonymized data to improve Apple Pay and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on your Mac, the Mac and the authorization device communicate via an encrypted channel on Apple’s servers. Neither Apple nor we process or store data in a form that could identify you personally. You can turn off the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay” and deactivate “Allow Payments on Mac.”
For more information on Apple Pay privacy, please visit: https://support.apple.com/de-de/HT203027

EPS-Überweisung (EPS Transfer)
This website offers one or more online payment methods provided by:
PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria
If you choose a payment method from this provider where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. Data is transferred only to the extent necessary for payment processing.

giropay
This website offers one or more online payment methods provided by:
paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany
The procedure for data transfer and legal basis is the same as described above.

Google Pay
If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment is processed via the “Google Pay” app on your mobile device (running at least Android 4.4 [KitKat] and equipped with an NFC function) by charging a payment card stored in Google Pay or a verified payment system (e.g., PayPal). To approve a payment of more than €25 via Google Pay, you must unlock your mobile device using the verification method you have set up (e.g., facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, is transferred to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the originating website, which verifies a completed payment. This transaction number does not contain any personally identifiable information regarding your actual payment details in Google Pay, but it is generated and transmitted as a unique numeric token. For all transactions via Google Pay, Google only acts as an intermediary for processing the payment. The actual transaction is executed solely between the user and the originating website by charging the payment method stored in Google Pay.
Insofar as personal data are processed in this context, it is done exclusively for payment processing purposes in accordance with Art. 6 (1) lit. b GDPR.
Google reserves the right to collect, store, and evaluate certain transaction-specific data for each Google Pay transaction. This includes the date, time, and amount of the transaction; merchant location and description; a description provided by the merchant of the purchased goods or services; any photos you attach to the transaction; the name and e-mail addresses of the seller and buyer (or sender and recipient); the payment method used; your description of why the transaction was made; and, where applicable, the associated offer.
According to Google, this data processing is carried out exclusively in accordance with Art. 6 (1) lit. f GDPR based on Google’s legitimate interest in proper accounting, verifying transaction data, and optimizing and maintaining the Google Pay service.
Google also reserves the right to merge the processed transaction data with other information collected and stored by Google when other Google services are used.
Google Pay Terms of Use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on Google Pay privacy can be found here:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

iDeal
This website offers one or more online payment methods provided by:
Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands
The procedure for data transfer and legal basis is the same as described for other providers above.

Klarna
This website offers one or more online payment methods provided by:
Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you select a Klarna payment method where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR, but only as needed for payment processing.
If you choose a payment method where the provider pays in advance (e.g., invoice or installment purchase, or direct debit), you will be asked during the ordering process to provide certain personal data (first and last name, address, postal code, city, date of birth, e-mail address, telephone number, and possibly data about an alternative payment method).
To safeguard our legitimate interest in determining the payment ability of our customers, these data will be forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. The provider will check, based on your personal data and other data (e.g., shopping basket, invoice amount, order history, payment experiences), whether the payment method you have chosen can be granted in relation to payment and/or default risks.
In making its decision as part of the application review, the provider may also incorporate identity and credit information from the following credit agencies, in accordance with Art. 6 (1) lit. f GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Insofar as score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. Nevertheless, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

paydirekt
This website offers one or more online payment methods provided by:
paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany
The procedure for data transfer and legal basis is the same as described for other providers above.

PayPal
This website offers one or more online payment methods provided by:
PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg
If you select a PayPal payment method where you pay in advance, the payment data you provide during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR, but only as needed for payment processing.
If you choose a payment method where we pay in advance, you will also be asked during the ordering process to provide certain personal data (first and last name, address, postal code, city, date of birth, e-mail address, telephone number, and possibly data about an alternative payment method).
To safeguard our legitimate interest in determining your payment ability in such cases, we will forward these data in accordance with Art. 6 (1) lit. f GDPR to the provider for the purpose of a credit check. The provider will check, based on your personal data and other data (e.g., shopping basket, invoice amount, order history, payment experiences), whether the payment method you have chosen can be granted in relation to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as these score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. Nevertheless, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

SOFORT
This website offers one or more online payment methods provided by:
SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany
The procedure for data transfer and legal basis is the same as described for other providers above.

Stripe
This website offers one or more online payment methods provided by:
Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
If you select a Stripe payment method where you pay in advance (e.g., credit card payment), the payment data you provide during the ordering process (including name, address, bank and card information, currency, and transaction number) as well as information about your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR, but only as needed for payment processing.
If you select a payment method where the provider pays in advance (e.g., invoice or installment purchase, or direct debit), you will be asked during the ordering process to provide certain personal data (first and last name, address, postal code, city, date of birth, e-mail address, telephone number, and possibly data about an alternative payment method).
To safeguard our legitimate interest in determining the payment ability of our customers, we will forward these data in accordance with Art. 6 (1) lit. f GDPR to the provider for the purpose of a credit check. The provider will check, based on your personal data and other data (e.g., shopping basket, invoice amount, order history, payment experiences), whether the payment method you have chosen can be granted in relation to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as these score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of score values.
You can object to this processing of your data at any time by sending a message to us or the provider. Nevertheless, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments.

8) Online Marketing

Zoho
This website uses a software-based marketing service from the following provider for various customer management services and data synchronization:
Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany

The service enables automated processing of feed activities, control of advertising in used marketing channels, performance analysis of marketing measures, as well as centralized e-mail marketing and contact management.

Cookies are used to enable the various functions. These are small text files stored in your browser’s local cache on your end device that allow us to analyze your use of the website. These cookies collect certain information, such as your IP address, location, and the time you visited the page.

Data may also be transferred to: Zoho Corp., USA.

All of the above-mentioned processing, in particular the setting of cookies for reading out information on the end device used, is only carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can withdraw your granted consent at any time with effect for the future by disabling this service in the “cookie consent tool” provided on the website.

Other legal bases for processing that apply within specific service features (e.g., the need for explicit consent under Art. 6 (1) lit. a GDPR when sending newsletters) remain unaffected.

We have concluded a data processing agreement with this provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

9) Web Analytics Services

9.1 Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which allows an analysis of your use of our website.

By default, when you visit the website, Google Analytics 4 uses cookies that are stored on your end device as small text modules and that collect certain information, including your IP address. However, your IP address is shortened by Google before further processing in order to exclude direct personal references.

The information is transmitted to Google’s servers and processed there. In doing so, data may also be transferred to Google LLC servers in the USA.

Google uses this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide other services related to website usage and internet usage. The IP address transmitted by your browser within the scope of Google Analytics and subsequently shortened is not merged with other data from Google. Data collected via Google Analytics 4 is stored for two months and then deleted.

All the aforementioned processing, in particular the setting of cookies on your device, takes place only if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your visit. You can withdraw your consent at any time with effect for the future. To exercise your right to withdraw, please disable this service via the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with Google, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Additional legal information about Google Analytics 4 can be found here:
https://policies.google.com/privacy?hl=de&gl=de
and here:
https://policies.google.com/technologies/partner-sites

Demographics
Google Analytics 4 uses the “demographic features” function to create statistics about the age, gender, and interests of website visitors. This is achieved by analyzing advertising and information from third parties. This allows the identification of target groups for marketing purposes. However, the collected data cannot be assigned to any specific individual and will be deleted after two months.

Google Signals
As an extension to Google Analytics 4, this website may use Google Signals to create cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, and if you have consented to the use of Google Analytics in accordance with Art. 6 (1) lit. a GDPR, Google can analyze your usage behavior across devices and create database models, among others for cross-device conversions. We do not receive any personal data from Google, only statistical reports. If you want to stop cross-device analysis, you can deactivate the “Personalized Advertising” feature in your Google account settings. Follow the instructions on this page:
https://support.google.com/ads/answer/2662922?hl=de
Further information on Google Signals can be found here:
https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
As an extension to Google Analytics 4, this website may use the “UserIDs” feature. If you have consented to the use of Google Analytics 4 under Art. 6 (1) lit. a GDPR, have created an account on this website, and log in with this account on various devices, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, Google is certified under the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

9.2 Google Tag Manager
This website uses “Google Tag Manager,” a service of the following provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Tag Manager provides a technical framework that allows various web applications, including tracking and analysis services, to be bundled and calibrated, controlled, or tied to conditions via a unified user interface. Google Tag Manager itself does not store or read any information on user devices. Nor does it carry out its own data analyses. However, by using Google Tag Manager, your IP address may be transmitted to Google when a page is called up and possibly stored there. A transfer to servers of Google LLC in the USA is also possible.

This processing takes place only if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without such consent, Google Tag Manager will not be used during your visit. You can withdraw your consent at any time with effect for the future. To do so, please disable this service in the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorized disclosure to third parties.

10) Retargeting/Remarketing and Conversion Tracking

10.1 Meta Pixel
Within our online offering, we use the “Meta Pixel” service from the following provider:
Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Meta”)

When a user clicks on an ad we have placed on Facebook and/or Instagram, “Meta Pixel” adds a parameter to the URL of our linked page. This URL parameter is then stored in the user’s browser through a cookie set by our linked page once they have been redirected.

This, on one hand, allows Meta to determine the visitors of our online offering as a target group for the display of ads (“Ads”). Accordingly, we use the service to display our Facebook or Instagram ads only to those users who have shown an interest in our online offering or who have specific characteristics (e.g., interests in certain subjects or products based on the websites visited) that we submit to Meta (“Custom Audiences”).

On the other hand, “Meta Pixel” makes it possible for us to track whether users were redirected to our website after clicking on an ad and what actions they then performed there (“Conversion Tracking”).

The collected data is anonymous to us and does not allow us to draw any conclusions about the user’s identity. However, Meta stores and processes the data so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.

All aforementioned processing, especially the setting of cookies for reading information on the end device, is carried out only if you have provided us with your explicit consent under Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the “cookie consent tool” on our website.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorized disclosure to third parties.

The information generated by Meta is generally transferred to a server of Meta and stored there; in this context, data may also be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, Meta is certified under the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

10.2 Google Ads Remarketing
This website uses retargeting technology from the following provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and based on the pages you have visited. No other data processing takes place unless you have consented to Google linking your web and app browsing history to your Google account and allowing information from your Google account to be used to personalize ads you see on the web. If you are logged into Google during your visit to our website in this case, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To that end, Google temporarily links your personal data with Google Analytics data to build audiences. In connection with the use of Google Ads Remarketing, personal data may also be transferred to servers of Google LLC in the USA.

All aforementioned processing, particularly the setting of cookies for reading information on your end device, only occurs if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. Without such consent, retargeting technology will not be used during your visit.

You can withdraw your consent at any time with effect for the future by disabling the service in the “cookie consent tool” on the website.

10.3 Pinterest Retargeting Pixel
This website uses retargeting technology from the following provider:
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

This allows visitors to our website who have already shown an interest in our shop and our products to be addressed again with personalized, interest-based advertising. The ads are displayed based on a cookie-based analysis of previous and current user behavior, though no personal data is stored. In connection with the retargeting technology, a cookie is stored on your computer or mobile device to collect pseudonymous data about your interests and thus customize advertising to the information stored. These cookies are small text files that are stored on your device. As a result, you see ads that most likely correspond to your product and information interests.

All aforementioned processing, especially the setting of cookies for reading out information on your end device, only occurs if you have provided us with your explicit consent under Art. 6 (1) lit. a GDPR. Without your consent, retargeting technology will not be used during your visit.

You can withdraw your consent at any time with effect for the future by disabling the service in the “cookie consent tool” on the website.

10.4 Google Ads Conversion Tracking
This website uses the online advertising program “Google Ads” and, within Google Ads, the conversion tracking function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our attractive offerings on external websites via advertising media (known as Google Adwords). We can determine the success of individual advertising measures in relation to the data from the advertising campaigns. We pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you, and achieving a fair calculation of advertising costs.

A conversion tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files stored on your device. These cookies generally expire after 30 days and are not used for personal identification. If a user visits certain pages on this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to that page. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of Google Ads customers. The information collected by means of the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers are informed of the total number of users who clicked on their ad and were redirected to a page provided with a conversion tracking tag. However, they do not receive any information that personally identifies users. Personal data may be transmitted to Google LLC servers in the USA in the course of using Google Ads.

Details on the processing triggered by Google Ads Conversion Tracking and Google’s handling of website data can be found here:
https://policies.google.com/technologies/partner-sites

All aforementioned processing, especially the setting of cookies for reading out information on your end device, only occurs if you have provided us with your explicit consent under Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the “cookie consent tool” on our website.

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in provided at the following link:
https://www.google.com/settings/ads/plugin?hl=de

Please note that some features of this website may not be available or may be limited if you disable the use of cookies.
Google’s Privacy Policy can be viewed here: https://www.google.de/policies/privacy/

10.5 Pinterest Tag Conversion Tracking
This website uses the conversion tracking technology of the following provider:
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

If you arrive at our website from an ad on the provider’s domain, the success of the ad can be measured with the help of cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests).

Using the tracking technology, certain device and browser information, possibly including your IP address, is collected in order to record and evaluate predefined user actions (e.g., completed transactions, leads, searches on the website, product page views). This allows us to create statistics on user behavior on our website after they have been redirected from an ad, helping us optimize our offering.

All aforementioned processing, particularly the setting of cookies for reading out information on your device, is only carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service in the “cookie consent tool” on our website.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorized disclosure to third parties.

10.6 TikTok Pixel
This website uses the conversion tracking technology of the following provider:
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

Using the tracking technology, certain device and browser information, possibly including your IP address, is collected to measure and evaluate predefined user actions (e.g., completed transactions, leads, searches on the website, product page views). This helps us create statistics about user behavior on our website after they have been redirected from an ad and to optimize our offering.

All aforementioned processing, especially the setting of cookies for reading out information on your device, is carried out only if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service via the “cookie consent tool” on our website.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorized disclosure to third parties.

10.7 Zoho Page Sense
This website uses the conversion tracking technology of the following provider:
Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany

If you arrive at our website from an ad on the provider’s domain, the success of the ad can be measured using cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests).

Using the tracking technology, certain device and browser information, possibly including your IP address, is collected to measure and evaluate predefined user actions (e.g., completed transactions, leads, searches on the website, product page views). This allows the creation of statistics on user behavior on our website after they have been redirected from an ad, which helps us optimize our offering.

Data may also be transferred to: Zoho Corp., USA.

All aforementioned processing, especially the setting of cookies to read out information on your device, is only carried out if you have given us your explicit consent in accordance with Art. 6 (1) lit. a GDPR. You can withdraw your consent at any time with effect for the future by disabling this service via the “cookie consent tool” on the website.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorized disclosure to third parties.

11) Website Functionalities

11.1 Vimeo
This website uses plugins for displaying and playing videos from the following provider:
Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA

When you access a page of our website that includes such a plugin, your browser establishes a direct connection to the provider’s servers to load the plugin. In this process, certain information, including your IP address, is transmitted to the provider.

When the playback of embedded videos starts via the plugin, the provider also uses cookies to collect information about user behavior, compile playback statistics, and prevent misuse.

If you are logged into your account with the provider when visiting our site, your data is directly associated with your account upon clicking on a video. If you do not wish this association, you must log out before clicking the play button.

All aforementioned processing, especially the setting of cookies for reading information on your device, occurs only if you have provided your explicit consent under Art. 6 (1) lit. a GDPR. You may withdraw your consent at any time with effect for the future by disabling this service in the “cookie consent tool” on our website.

11.2 YouTube
This website uses plugins for displaying and playing videos from the following provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transferred to: Google LLC, USA

When the playback of embedded videos starts via the plugin, the provider also uses cookies to collect information about user behavior, compile playback statistics, and prevent misuse.

11.3 Applications for Job Postings by E-Mail
On our website, we list current vacancies in a dedicated section, for which interested individuals can apply via e-mail to the contact address provided.

Applicants must supply all personal data necessary for an informed evaluation, including general details (name, address, contact details) and performance-related documents, as well as health-related information if necessary. Specific application details are stated in the job posting.

Upon receipt of an application by e-mail, the data is stored and assessed solely for processing the application. We may use the applicant’s e-mail address or telephone number for any queries. Processing is based on Art. 6 (1) lit. b GDPR (or § 26 (1) of the German Federal Data Protection Act [BDSG]) because going through the application process is seen as initiating an employment contract.

If, in the context of the application process, we request particular categories of personal data per Art. 9 (1) GDPR (e.g., health data such as information on disability status), the processing is carried out according to Art. 9 (2) lit. b GDPR so that we can fulfill our obligations and exercise our rights from labor law, social security, and social protection.

Additionally or alternatively, the processing of these special categories of data may be based on Art. 9 (2) lit. h GDPR if conducted for preventive health care or occupational medicine purposes, assessing working capacity, medical diagnosis, health or social care, or for the administration of health or social systems and services.

If an applicant is not selected or withdraws their application prematurely, the data they have transmitted and all e-mail correspondence, including the application e-mail, will be deleted no later than 6 months after notification to that effect. This period is determined by our legitimate interest in responding to any follow-up questions about the application and fulfilling our burden of proof requirements under German Equal Treatment legislation.

If an applicant is selected, the data provided will be processed on the basis of Art. 6 (1) lit. b GDPR (in Germany in conjunction with § 26 (1) BDSG) for the purposes of carrying out the employment relationship.

12) Tools and Other Services

12.1 Lexoffice
We use the cloud-based accounting software of the following provider for our bookkeeping:
Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg, Germany

The provider processes incoming and outgoing invoices as well as, if necessary, our company’s banking transactions to automatically record invoices, match them to transactions, and semi-automatically generate our financial accounting.

Insofar as personal data are also processed in this context, the processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in efficient organization and documentation of our business processes.

12.2 Cookie Consent Tool
This website uses a so-called “cookie consent tool” to obtain effective user consents for cookies requiring consent and cookie-based applications. The “cookie consent tool” is displayed to users in the form of an interactive user interface when they visit the site, allowing them to grant consent for certain cookies and/or cookie-based applications by ticking the relevant boxes. Any cookies or cookie-based services requiring consent will only be loaded if the user grants corresponding consent by ticking the relevant boxes. This ensures that such cookies are only placed on the user’s device when explicit consent has been given.

The tool sets technically necessary cookies to save your cookie preferences. Generally, no personal user data are processed in the process.

If, in individual cases, the processing of personal data (such as your IP address) should be necessary for storing, assigning, or recording cookie settings, this will be carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in providing legally compliant, user-specific, and user-friendly cookie consent management and thus ensuring a legally compliant design of our online presence.

Another legal basis for this processing is Art. 6 (1) lit. c GDPR. As a controller, we are legally obligated to make the use of technically unnecessary cookies dependent on the user’s consent.

Where required, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the configuration options of the cookie consent tool can be found directly in the corresponding user interface on our website.

13) Rights of the Data Subject

13.1 Under applicable data protection law, you have the following rights with respect to the controller regarding the processing of your personal data (rights of access and intervention), for which the relevant statutory basis is referenced:

Right of access under Art. 15 GDPR;
Right to rectification under Art. 16 GDPR;
Right to erasure under Art. 17 GDPR;
Right to restriction of processing under Art. 18 GDPR;
Right to be informed under Art. 19 GDPR;
Right to data portability under Art. 20 GDPR;
Right to withdraw consent granted under Art. 7 (3) GDPR;
Right to lodge a complaint under Art. 77 GDPR.

13.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST FOLLOWING A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH FUTURE EFFECT ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION. HOWEVER, FURTHER PROCESSING MAY BE POSSIBLE IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES. YOU CAN EXERCISE THIS RIGHT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA IN QUESTION FOR DIRECT MARKETING PURPOSES.

14) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the relevant legal basis, the purpose of processing, and—where applicable—by the relevant statutory retention period (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent in accordance with Art. 6 (1) lit. a GDPR, the data will be stored until you withdraw your consent.

If there are statutory retention periods for data processed in the context of contractual or contract-like obligations on the basis of Art. 6 (1) lit. b GDPR, these data will be routinely deleted after the retention periods expire, provided they are no longer required for contract fulfillment or initiation, and/or there is no legitimate interest on our part in continuing to store them.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, these data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6 (1) lit. f GDPR, these data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise specified in this policy concerning specific processing situations, stored personal data will be deleted when it is no longer needed for the purposes for which it was collected or otherwise processed.